Altered purpose string and access scope for known SSO domains

[johnwilander]

I the groups conversations on First Party Sets, FPS, the idea of explicit domain purpose has been brought up, specifically for the purpose of single sign-on. This would mean a set of domains would have a single domain explicitly defined as holding single sign-on data.

If such information was a available to browsers through FPS or other means, it could be used to:

1. Allow longer storage access scope for the single sign-on domain under domains in its own set. This could for instance be for the browsing session (until browser quit) or for a set time such as N days.
2. Allow browsers to be more specific in the language of the Storage Access API prompt.

[michael-oneill]

Maybe combine this with the gpc.json resource or similar (DNT also had the TSR). A single JSON resouce at a .well-known location on a shared domain or tld+1 could be used by FPS, isLoggedIn, GPC, click convertions, many others. A single defined resource would also increase its visibility and therefore is importance as a legal declaration, could be ultimately recognised in law.

[hober]

The platform lacks such a mechanism now. Let's revisit this if and when that changes.